Vulnerability Description
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that causes the BuildKit daemon to crash with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mobyproject | Buildkit | < 0.12.5 |
Related Weaknesses (CWE)
References
- https://github.com/moby/buildkit/pull/4601 (Patch, Vendor Advisory)
- https://github.com/moby/buildkit/releases/tag/v0.12.5 (Patch, Release Notes)
- https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx (Vendor Advisory)
FAQ
What is CVE-2024-23650?
CVE-2024-23650 is a vulnerability with a CVSS score of 5.3 (MEDIUM). BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to ...
How severe is CVE-2024-23650?
CVE-2024-23650 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23650?
Check the references section above for vendor advisories and patch information. Affected products include: Mobyproject Buildkit.